CVE-2015-8288 — Netgear D6000 Firmware vulnerability

3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 30.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear D6000 Firmware Netgear D3600 Firmware

Timeline

PublishedJun 20

Latest updateMay 17

Description

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDnetgear/d6000_firmware1.0.0.49

▶NVDnetgear/d3600_firmware1.0.0.49

🔴Vulnerability Details

GHSA

GHSA-549q-2p25-vrjq: NETGEAR D3600 devices with firmware 1↗2022-05-17

▶

CVEList

CVE-2015-8288: NETGEAR D3600 devices with firmware 1↗2016-06-20

▶